Security components in the Windows system - Capicom
Wang Zhi
Overview
The Windows operating system provides an advanced cryptographic subsystem, CryptoAPI, which exposes a rich set of functions to third-party developers. Even so, carrying out the usual operations (encryption, signing) directly with CryptoAPI is fairly involved. Fortunately, Microsoft also ships the CAPICOM component, which wraps these complex operations so that one or two calls are enough to complete a given task.
CAPICOM is a COM component and can therefore be used from many languages in a Windows environment. In addition, most CAPICOM interfaces are marked "safe for scripting", which means a browser is allowed to invoke them from a web page's script. That mark says nothing about the sensitivity of the operations themselves: a page that can drive CAPICOM can drive the user's certificates and keys, so treat such use with the same care as any ActiveX control reachable from a web page.
What follows is a brief introduction to CAPICOM's functionality. It assumes a basic familiarity with cryptography, the COM model, and script programming.
Function and applicable environment
CAPICOM currently exists in two versions, 1.0 and 2.0; the latter adds functionality on top of the former.
CAPICOM 1.0 provides the following features:
1. Generate and verify digital signatures in PKCS #7 format;
2. Encrypt and decrypt data with certificates (digital envelopes);
3. Encrypt and decrypt data with a password.
CAPICOM 2.0 adds the following features:
1. Generate and verify code signatures (Authenticode);
2. Support for the document form;
3. Fast certificate search (the Certificates.Find method);
4. Hashing of arbitrary data (the HashedData object);
5. Support for the AES algorithm (requires Windows Server 2003, at the time called Windows .NET Server 2003, or Windows XP);
6. Support for advanced certificate properties such as policies and templates.
CAPICOM is a redistributable component: it is not part of the operating system, so it must be downloaded from Microsoft and installed and registered separately. CAPICOM 1.0 requires Windows 95 or Windows NT 4.0 or later; CAPICOM 2.0 requires Windows 98 or Windows NT 4.0 SP4 or later. Note that Microsoft has since deprecated CAPICOM (it is a 32-bit-only component) in favor of the .NET Framework's System.Security.Cryptography classes, so new code should not depend on it.
Main functions
The following describes several commonly used cryptographic operations and the certificate management functions.
Hashing
Object used: HashedData
Safe for scripting.
Note: requires CAPICOM 2.0.
Password-based encryption and decryption
Object used: EncryptedData
Safe for scripting.
Note: the output does not conform to the PKCS #7 standard, so data encrypted by CAPICOM can only be decrypted by CAPICOM. The operation is symmetric: both sides must already share the password, which has to be distributed by some other channel.
Digital envelope
Object used: EnvelopedData
Safe for scripting.
The output conforms to the PKCS #7 standard.
Digital signature
Object used: SignedData
Safe for scripting.
The output conforms to the PKCS #7 standard.
Certificate management
Objects used: Certificate, Store, and others
Safe for scripting.
The certificate management objects CAPICOM provides let you verify, search for, store, and display certificates.
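The digital envelope, digital signature, and certificate management functions above are easiest to see in one end-to-end flow. The script below is an added example and is not code from the original article or from Microsoft's CAPICOM samples: the sender looks up two certificates in the current user's "My" store, signs a message (PKCS #7 SignedData with an authenticated signing-time attribute), wraps the signed blob in a PKCS #7 envelope for the recipient, and the receiver decrypts and verifies it, checking the signer's certificate chain and not just the signature bytes. The subject-name substrings "Alice" and "Bob", the sample message, and the presence of those certificates (with private keys) in CurrentUser\My are assumptions of this example; CAPICOM 2.0 must be registered. Run it with cscript.exe.

```vbscript
' Added example, not part of the original article: sign, envelope, decrypt, verify.
' Assumptions: CAPICOM 2.0 registered; CurrentUser\My holds a certificate with a
' private key whose subject contains "Alice" (signer) and one whose subject
' contains "Bob" (recipient; its private key is needed for the decrypt step).
Option Explicit

' CAPICOM constants, by value (VBScript cannot read them from the type library)
Const CAPICOM_CURRENT_USER_STORE                   = 2
Const CAPICOM_STORE_OPEN_READ_ONLY                 = 0
Const CAPICOM_CERTIFICATE_FIND_SUBJECT_NAME        = 1
Const CAPICOM_ENCODE_BASE64                        = 0
Const CAPICOM_VERIFY_SIGNATURE_AND_CERTIFICATE     = 1
Const CAPICOM_AUTHENTICATED_ATTRIBUTE_SIGNING_TIME = 0

' Find a time-valid certificate in CurrentUser\My whose subject contains subjectPart.
Function FindCert(subjectPart, needPrivateKey)
    Dim store, certs
    Set store = CreateObject("CAPICOM.Store")
    store.Open CAPICOM_CURRENT_USER_STORE, "My", CAPICOM_STORE_OPEN_READ_ONLY
    ' third argument True: return only certificates that are valid right now
    Set certs = store.Certificates.Find(CAPICOM_CERTIFICATE_FIND_SUBJECT_NAME, subjectPart, True)
    If certs.Count = 0 Then Err.Raise vbObjectError + 1, "FindCert", "no valid certificate matching " & subjectPart
    If needPrivateKey And Not certs.Item(1).HasPrivateKey() Then Err.Raise vbObjectError + 2, "FindCert", "no private key for " & subjectPart
    Set FindCert = certs.Item(1)
End Function

' Sender side: sign the message, then envelope the signed blob for the recipient.
Function SignAndEnvelope(message, signerCert, recipientCert)
    Dim signer, attr, sd, ed
    Set signer = CreateObject("CAPICOM.Signer")
    Set signer.Certificate = signerCert
    Set attr = CreateObject("CAPICOM.Attribute")       ' authenticated signing-time attribute
    attr.Name = CAPICOM_AUTHENTICATED_ATTRIBUTE_SIGNING_TIME
    attr.Value = Now
    signer.AuthenticatedAttributes.Add attr

    Set sd = CreateObject("CAPICOM.SignedData")
    sd.Content = message
    Set ed = CreateObject("CAPICOM.EnvelopedData")
    ed.Content = sd.Sign(signer, False, CAPICOM_ENCODE_BASE64)   ' attached PKCS #7 SignedData
    ed.Recipients.Add recipientCert
    SignAndEnvelope = ed.Encrypt(CAPICOM_ENCODE_BASE64)           ' PKCS #7 EnvelopedData
End Function

' Receiver side: decrypt with the recipient's private key, then verify signature and chain.
Function OpenAndVerify(envelopedBlob, ByRef signerSubject)
    Dim ed, sd
    Set ed = CreateObject("CAPICOM.EnvelopedData")
    ed.Decrypt envelopedBlob
    Set sd = CreateObject("CAPICOM.SignedData")
    ' CAPICOM_VERIFY_SIGNATURE_ONLY (0) would skip building and validating the
    ' signer's certificate chain; verify the certificate too unless it is trusted
    ' by some other means.
    sd.Verify ed.Content, False, CAPICOM_VERIFY_SIGNATURE_AND_CERTIFICATE
    signerSubject = sd.Signers.Item(1).Certificate.SubjectName
    OpenAndVerify = sd.Content
End Function

Dim blob, plaintext, who
blob = SignAndEnvelope("Transfer 100 to account 42", FindCert("Alice", True), FindCert("Bob", False))
WScript.Echo "Enveloped PKCS #7 (base64, first 60 chars): " & Left(blob, 60)

plaintext = OpenAndVerify(blob, who)
WScript.Echo "Verified content: " & plaintext & " (signed by " & who & ")"

' A modified blob fails at Decrypt or Verify; CAPICOM reports both as VBScript errors
' rather than returning partial content.
On Error Resume Next
OpenAndVerify Left(blob, Len(blob) - 8) & "AAAAAAAA", who
If Err.Number <> 0 Then WScript.Echo "Tampered blob rejected: " & Err.Description
On Error GoTo 0
```

Signing before enveloping means the signature is itself encrypted and the recipient can only verify after decrypting; the order matters for who can see that the message was signed. Both Decrypt and Verify raise errors on failure, so error handling is where the security checks actually land in a VBScript caller.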
Internal strategy
Algorithm search strategy
CAPICOM first checks whether the system default CSP supports the algorithm and key length the caller specified. If it does not, CAPICOM searches the Microsoft-supplied CSPs for one that does. The search order is:
1. The system default CSP;
2. Microsoft Enhanced Cryptographic Provider;
3. Microsoft Strong Cryptographic Provider;
4. Microsoft Base Cryptographic Provider.
It follows that CAPICOM can use a CSP of your own, and so supply your own algorithms to the applications built on top of it. The same mechanism cuts the other way: whichever CSP is registered as the system default is consulted first, so the integrity of that registration decides which cryptography CAPICOM-based applications actually get.
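The password-based encryption function described earlier and the CSP search strategy just described meet when a caller asks for an algorithm no available CSP supports. The script below is an added example, not code from the original article or from Microsoft: it encrypts text under a password with EncryptedData, asking for AES-256 first and falling back to 3DES when CAPICOM cannot find a CSP for AES (the case the article describes for systems before Windows XP / Server 2003), then decrypts and shows that a wrong password is rejected rather than yielding garbage. The sample plaintext and passwords are constructed for the example; CAPICOM 2.0 must be registered. Run it with cscript.exe.

```vbscript
' Added example, not part of the original article: EncryptedData with algorithm fallback.
Option Explicit

' CAPICOM constants, by value
Const CAPICOM_ENCODE_BASE64                  = 0
Const CAPICOM_SECRET_PASSWORD                = 0
Const CAPICOM_ENCRYPTION_ALGORITHM_3DES      = 3
Const CAPICOM_ENCRYPTION_ALGORITHM_AES       = 4
Const CAPICOM_ENCRYPTION_KEY_LENGTH_MAXIMUM  = 0
Const CAPICOM_ENCRYPTION_KEY_LENGTH_256_BITS = 5

' Encrypt plaintext under a password. AES-256 is requested first; if none of the
' CSPs in CAPICOM's search order (default, Enhanced, Strong, Base) supports it,
' Encrypt raises an error and we fall back to 3DES at the maximum key length.
' The algorithm actually used is reported through usedAlgorithm.
Function PasswordEncrypt(plaintext, password, ByRef usedAlgorithm)
    Dim enc
    Set enc = CreateObject("CAPICOM.EncryptedData")
    enc.Content = plaintext
    enc.SetSecret password, CAPICOM_SECRET_PASSWORD
    enc.Algorithm.Name = CAPICOM_ENCRYPTION_ALGORITHM_AES
    enc.Algorithm.KeyLength = CAPICOM_ENCRYPTION_KEY_LENGTH_256_BITS
    On Error Resume Next
    PasswordEncrypt = enc.Encrypt(CAPICOM_ENCODE_BASE64)
    If Err.Number <> 0 Then
        Err.Clear
        On Error GoTo 0
        enc.Algorithm.Name = CAPICOM_ENCRYPTION_ALGORITHM_3DES
        enc.Algorithm.KeyLength = CAPICOM_ENCRYPTION_KEY_LENGTH_MAXIMUM
        PasswordEncrypt = enc.Encrypt(CAPICOM_ENCODE_BASE64)
        usedAlgorithm = "3DES"
    Else
        On Error GoTo 0
        usedAlgorithm = "AES-256"
    End If
End Function

' Decrypt a CAPICOM EncryptedData blob. The algorithm is recorded in the blob, so
' only the password is needed; a wrong password or a foreign format raises an error.
Function PasswordDecrypt(blob, password)
    Dim dec
    Set dec = CreateObject("CAPICOM.EncryptedData")
    dec.SetSecret password, CAPICOM_SECRET_PASSWORD
    dec.Decrypt blob
    PasswordDecrypt = dec.Content
End Function

' Usage with constructed sample data
Dim algo, blob
blob = PasswordEncrypt("constructed sample plaintext", "correct horse battery staple", algo)
WScript.Echo "Encrypted with " & algo & ": " & Left(blob, 40) & "..."
WScript.Echo "Decrypted: " & PasswordDecrypt(blob, "correct horse battery staple")

On Error Resume Next
PasswordDecrypt blob, "wrong password"
If Err.Number <> 0 Then WScript.Echo "Wrong password rejected: " & Err.Description
On Error GoTo 0
```

Setting Algorithm.Name and Algorithm.KeyLength explicitly is the point: left at their defaults you get whatever the first matching CSP offers, and the only signal that the requested algorithm was unavailable is the error raised by Encrypt, which is why the fallback is written as error handling.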
Example program
The following calls CAPICOM from VBScript. As you can see, it is very simple.
Certificate
Set cert = CreateObject("CAPICOM.Certificate")      ' create the object
cert.Import "<base64-encoded certificate data>"     ' load the certificate data (the base64 body of a PEM certificate)
cert.Display                                        ' show the familiar Windows certificate dialog
Data hashing
Const CAPICOM_HASH_ALGORITHM_SHA1 = 0               ' CAPICOM constants must be defined by value in VBScript
Set hash = CreateObject("CAPICOM.HashedData")
hash.Algorithm = CAPICOM_HASH_ALGORITHM_SHA1        ' select the algorithm (SHA-1 is also the default)
hash.Hash "data to be hashed"                       ' Hash may be called repeatedly to add more data
hashResult = hash.Value                             ' the hash value as a hexadecimal string
Reference
MSDN contains a detailed description of CAPICOM, reachable by two navigation paths:
CAPICOM Reference: MSDN // Security // Security (General) // SDK Documentation // Cryptography // Cryptography Reference // CAPICOM Reference
CAPICOM examples: MSDN // Security // Security (General) // SDK Documentation // Cryptography // Using Cryptography // Using CAPICOM
Download the latest Capicom:
Http://download.microsoft.com/download/7/0/7708ec16-a770-4777-8b85@fcd05f5ba60/cc2rinst.exe